You can set up your repo to disable pushing directly to branches like main and require MFA to use the org admin account, so something malicious would need to be pushed to a benign branch and separately be merged into one that deployments come from.
But the attacker could just create a branch and a merge request, and then merge that?
Pushing directly to main seems crazy - for anything that is remotely important I would use a pull request/merge request pattern.
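An added example, not written by anyone in this thread: the objection above (attacker creates a branch, opens a merge request and merges it themselves) is only answered when the protection rules require someone else's approval and apply to admins too. The script below audits a branch-protection object shaped like the one GitHub's REST API returns from GET /repos/{owner}/{repo}/branches/{branch}/protection and reports settings that let one actor land code on the deploy branch alone. The two payloads are constructed samples, not real repository settings; the checker logic and its wording are this example's own, not GitHub's.

```python
"""Audit a GitHub branch-protection payload for settings that let a single
actor get a change onto a protected branch without a second person involved.
Example code; the payloads below are constructed, not real repositories."""
from typing import Any, Dict, List, Optional

# Constructed sample: pull requests are required, but nothing stops the PR
# author from approving-by-omission and merging their own change.
WEAK_PROTECTION: Dict[str, Any] = {
    "required_pull_request_reviews": {
        "dismiss_stale_reviews": False,
        "require_code_owner_reviews": False,
        "required_approving_review_count": 0,  # 0 approvals: self-merge allowed
    },
    "enforce_admins": {"enabled": False},  # the org admin account bypasses all of it
    "allow_force_pushes": {"enabled": True},
    "allow_deletions": {"enabled": False},
}

# Constructed sample: a second reviewer is mandatory, admins are bound by the
# same rules, and CI has to pass before the merge button works.
HARDENED_PROTECTION: Dict[str, Any] = {
    "required_status_checks": {"strict": True, "contexts": ["ci/test"]},
    "required_pull_request_reviews": {
        "dismiss_stale_reviews": True,
        "require_code_owner_reviews": True,
        "required_approving_review_count": 1,
    },
    "enforce_admins": {"enabled": True},
    "allow_force_pushes": {"enabled": False},
    "allow_deletions": {"enabled": False},
}


def audit_branch_protection(protection: Optional[Dict[str, Any]]) -> List[str]:
    """Return a list of findings; an empty list means no weakness was flagged.
    `protection` is None when the branch has no protection rule at all."""
    findings: List[str] = []
    if not protection:
        return ["no branch protection: anyone with write access can push directly"]

    reviews = protection.get("required_pull_request_reviews")
    if reviews is None:
        findings.append("pull requests not required: direct pushes to the branch are allowed")
    else:
        if reviews.get("required_approving_review_count", 0) < 1:
            findings.append("zero approvals required: author can open and merge their own PR")
        if not reviews.get("dismiss_stale_reviews", False):
            findings.append("stale reviews kept: commits pushed after approval still merge")
        if not reviews.get("require_code_owner_reviews", False):
            findings.append("code owner review not required: any collaborator's approval suffices")

    if not protection.get("enforce_admins", {}).get("enabled", False):
        findings.append("enforce_admins off: admin account can bypass the PR requirement")

    checks = protection.get("required_status_checks")
    if not checks or not checks.get("contexts"):
        findings.append("no required status checks: CI can be skipped before merge")

    if protection.get("allow_force_pushes", {}).get("enabled", False):
        findings.append("force pushes allowed: protected branch history can be rewritten")
    if protection.get("allow_deletions", {}).get("enabled", False):
        findings.append("branch deletion allowed: protected branch can be removed and recreated")
    return findings


if __name__ == "__main__":
    for name, payload in (("weak", WEAK_PROTECTION), ("hardened", HARDENED_PROTECTION)):
        print(f"{name}: {audit_branch_protection(payload) or ['ok']}")
```

The point of `enforce_admins` is the MFA remark in the first post: MFA on the admin account raises the cost of taking it over, but only `enforce_admins` stops that account from skipping the review requirement once it is compromised. Run against a real repository, the same function can consume the JSON from `gh api repos/OWNER/REPO/branches/main/protection`.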